[***] Summary: [***]
5 new OPEN, 20 new PRO (5 + 15)
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2044142 - ET PHISHING Possible Phishing Domain in DNS Lookup (c1 .biz) (phishing.rules)
2044143 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1 (exploit.rules)
2044144 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2 (exploit.rules)
2044145 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3 (exploit.rules)
2044146 - ET MALWARE Win32/Disabler.NPR Checkin (malware.rules)
Pro:
2853334 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.i CnC Domain in DNS Lookup (mobile_malware.rules)
2853335 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Aples.b CnC Domain in DNS Lookup (mobile_malware.rules)
2853336 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.ab Checkin (mobile_malware.rules)
2853337 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aujb CnC Domain in DNS Lookup (mobile_malware.rules)
2853338 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Piom.aujb Domain in TLS SNI (mobile_malware.rules)
2853339 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket (mobile_malware.rules)
2853340 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket 2 (mobile_malware.rules)
2853341 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR Checkin (mobile_malware.rules)
2853342 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin (mobile_malware.rules)
2853343 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 2 (mobile_malware.rules)
2853344 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 3 (mobile_malware.rules)
2853345 - ETPRO MOBILE_MALWARE Android/Agent.EHA CnC Domain in DNS Lookup (mobile_malware.rules)
2853346 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CLW CnC Domain in DNS Lookup (mobile_malware.rules)
2853347 - ETPRO PHISHING Successful TA407 Credential Phish 2023-02-07 (phishing.rules)
2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)
[---] Disabled and modified rules: [---]
2852921 - ETPRO MALWARE WasabiSeed Downloader Activity (GET) (malware.rules)